You are here

public function EntityQueryTest::testInjectionInCondition in Drupal 10

Same name and namespace in other branches
  1. 8 core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php \Drupal\KernelTests\Core\Entity\EntityQueryTest::testInjectionInCondition()
  2. 9 core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php \Drupal\KernelTests\Core\Entity\EntityQueryTest::testInjectionInCondition()

Tests against SQL inject of condition field. This covers a database driver's EntityQuery\Condition class.

File

core/tests/Drupal/KernelTests/Core/Entity/EntityQueryTest.php, line 1207

Class

EntityQueryTest
Tests Entity Query functionality.

Namespace

Drupal\KernelTests\Core\Entity

Code

public function testInjectionInCondition() {
  $this
    ->expectException(\Exception::class);
  $this->queryResults = $this->storage
    ->getQuery()
    ->accessCheck(FALSE)
    ->condition('1 ; -- ', [
    0,
    1,
  ], 'IN')
    ->sort('id')
    ->execute();
}